Cybersecurity with Heart: Brian Cady on Digital Defense in Healthcare

The skills and mindset needed for the job.

Private health care information is a highly sensitive and valuable target for cyber criminals. Besides that, lives are at risk when hospitals are hit by ransomware. How can community colleges prepare skilled workers for protecting these vital services? We asked Brian Cady, System Director of Information Security at Peace Health.

July 21, 2025

A Highly Prized Target

Private medical information is valuable on the black market for several reasons. Health records contain a rich combination of personal identifiers and medical histories that can be used for illegal exploitation. Therefore, cybercriminals view hospitals as high-value targets. When a hospital is hit by a ransomware attack, the ramifications are not only complex and expensive but can impact lives. 

We interviewed Brian Cady - System Director of Information Security at PeaceHealth – to get an inside perspective. Our questions centered around how to inspire and equip Washington’s cyber students to seek employment in the health sector. 

Cady brings a powerful sense of purpose to his role. In healthcare, cybersecurity isn’t just about keeping systems operational—it’s about protecting patients’ lives and privacy. He understands that every technical decision carries real-world consequences for individuals. Human impact is of chief importance

Why Work in Cybersecurity for Healthcare? 

Cady has worked in banking, gaming, and large tech companies, but healthcare holds a unique place in his heart. 

“When somebody is seeking medical care, they can be at their most vulnerable,” he said. “What we do really helps people. That’s rewarding.” 

What Skills and Credentials Do You Need? 

Cady emphasized the value of building a solid technical foundation. 

“You need a broad level of IT knowledge—compute, networking, databases, cloud, and development,” he explained. 

He advises students to pursue entry-level certifications like CompTIA A+, Network+, Cloud+, and Security+. These validate base-level competency and complement associate degrees. More advanced credentials like CISSP, CRISC, and CompTIA Advanced Security Practitioner prepare students for regulatory, compliance, and architecture challenges specific to healthcare. 

Healthcare is highly regulated and nuanced. 

“In addition to HIPAA, we follow frameworks like NIST and may adopt HITRUST,” Cady said. Privacy rules for vulnerable populations—including children and those with mental health conditions—introduce added complexity. 

Helping Vendors Improve Security 

One overlooked role cybersecurity professionals play is influencing vendor products. 

“I’ve had to show major vendors where their products weren’t HIPAA-compliant,” Cady recalled. “Sometimes, even the vendor didn’t know.” 

This kind of collaboration requires expertise and the ability to communicate effectively. 

“We don’t say no—we work together to figure out how we can say yes. We want to enable the business.” 

Method Over Impulse: A Healthcare Cybersecurity Imperative 

Cybersecurity in healthcare requires planning and strict adherence to protocols. Impulsive problem solving is to be avoided.  

To illustrate, Cady shared a humorous anecdote from a prior (non-healthcare) role, where a cowboy hat was used as a symbol to show that a technician had acted impulsively. The hat was placed on their desk as a reminder to consult advisors next time. Act as a team and follow established procedures.

“If the hat was placed on your desk, it’s because you shot from the hip and solved a problem by instinct rather than by protocol. You might be able to get away with the cowboy mentality in other industries, but not in healthcare.” 

Healthcare cybersecurity demands discipline. Ideal cyber defenders in this space have good planning skills; they are organized and thoughtful; and they maintain clear thinking faculties under pressure.

“We must take a thoughtful, detail-oriented approach to resolving issues,” he explained. “Protocols and procedures are critical—they’re like a playbook. We don’t leave room for guesswork.” 

Career Pathways: Community Colleges and Internships 

Cady started his own journey at Tacoma Community College, later completing his master’s in Information Systems Management. “I’ve seen many people succeed starting at community colleges,” he said, noting that his children all began their college paths there as well. 

Certifications show you’ve acquired knowledge. A degree proves you can set and achieve long-term goals. But getting the first job is still the biggest hurdle. That’s why internships matter so much. 

“Internships let organizations assess aptitude and fit—and interns get a better idea of whether they like the work. Even discovering you don’t like a particular role can help provide clarity and direction."

Cloud Fluency is Essential 

Healthcare organizations often operate in hybrid environments, combining on-prem systems with cloud-based services. 

“Even if your organization hasn’t moved everything to the cloud, your vendors probably have,” reports Cady. 

Familiarity with AWS, Azure, and Google Cloud is essential. Each of them is better at different things. Google Cloud, for example, has strengths in genomics, while others excel in other areas. He urges students to understand IaaS, PaaS and SaaS because many organizations are embracing a cloud-first mindset.

Low-latency (time-sensitive) systems, like neonatal monitors, may remain local, but most other systems—including analytics and medical records—can run securely in the cloud. Thus, a hybrid mix of on-premises and cloud-based systems is becoming the norm in health care. So students should be familiar with managing mixed environments.

AI, Automation, and Emerging Roles 

AI and automation are transforming cybersecurity—but not eliminating entry-level jobs. 

“I’ve been told for 20 years that automation would make security easy. Now they’re saying AI will,” Cady said. “But we still need people.” 

Entry-level positions like SOC analyst, security analyst, junior developer, and IT support are still important. Cady reminds us that artificial intelligence is a tool. It can help reduce low-level workload so humans can focus on complex problems.

He urged students to learn about Generative AI, its applications, and its vulnerabilities. 

“We need defenders who understand how to secure these technologies—and how to test their limits.” 

How to Stand Out as an Applicant 

Cady looks for more than just credentials. Soft skills and background experience - even in non-IT roles - matter.

“You must meet the technical baseline, of course. But then I look for what makes someone unique. Are they a good team fit? Do they bring skills I don’t already have on the team?” 

He gave the example of a former paramedic who became a cybersecurity architect. This applicant had been in combat, worked under pressure, and understood healthcare from the front lines. He had depth and composure. That stood out. Cady identified him as someone likely to stay focused and unshaken during an emergency.

Furthermore, strong communication, analytical thinking, and technical writing skills are essential, even at entry level. 

“Cybersecurity professionals write reports, advise leadership, and document everything,” he said. “Don’t underestimate the value of writing.” 

Call for Cross-Disciplinary Training 

Cady wants to see more medical students receive cybersecurity training. In healthcare education, there is a huge body of knowledge to absorb, so cybersecurity is often overlooked. 

“But if a system goes down, that’s a patient-impacting event," he warned.

He supports the idea of including healthcare cybersecurity experts on college advisory boards. 

“Even Internet of Things (IoT) training in manufacturing can transfer over to IoMT—Internet of Medical Things. The overlap is huge.” 

What's Keeping Cyber Leaders Up at Night? 

When asked what worries him most, Cady offered three threats: 

  1. Deepfake Impersonation – “There are tools that use a few images and audio clips to generate convincing fake participants in video meetings. Job applicants and even executives have been impersonated. It’s already happening.”
  2. Post-Quantum Cryptography – “Quantum computing will eventually make current encryption obsolete. New encryption capabilities exist, but not enough companies are transitioning quickly enough.”
  3. Security Fatigue – “People are tired of MFA, password changes, and constant vigilance. But cybersecurity depends on everyone doing their part all the time. We need smarter, more user-friendly tools to reduce fatigue while strengthening protection.”

Final Words of Advice 

Cady speaks straight to our community college students when he says, 

“I started where you are. I’ve seen many others do the same. Be curious, stay adaptable, and lean into what excites you.” 

Cybersecurity in healthcare isn’t just a job—it’s a chance to protect people when they need it most. And for students across Washington’s community colleges, that’s a mission worth pursuing. 

Blue medical symbol depicted with a lock and chains around it.
Footnote: For more information about why cybercriminals target medical institutions, see this article by the World Economic Forum: “Cyber attacks in healthcare can be deadly. Here are 3 ways to prevent them.” Dated Aug 18, 2023. https://www.weforum.org/stories/2023/08/3-ways-prevent-cyber-attacks-improve-healthcare-outcomes/